diff options
author | Christian Seiler <christian@iwakd.de> | 2015-01-27 18:58:40 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-01-27 18:58:40 +0100 |
commit | 11c6476a08af7a8a9ae6a2d0f8370587f7b31663 (patch) | |
tree | 141141196d3c4670d6c05bed548800ab5919df22 | |
parent | 4d858e7d9f39038713f760d7acc64acf7bba2aa7 (diff) |
logind: chown+chmod /run/user/$UID if mount(tmpfs) fails with EPERM
In containers without CAP_SYS_ADMIN, it is not possible to mount tmpfs
(or any filesystem for that matter) on top of /run/user/$UID.
Previously, logind just failed in such a situation.
Now, logind will resort to chown+chmod of the directory instead. This
allows logind still to work in those environments, although without the
guarantees it provides (i.e. users not being able to DOS /run or other
users' /run/user/$UID space) when CAP_SYS_ADMIN is available.
-rw-r--r-- | src/login/logind-user.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/src/login/logind-user.c b/src/login/logind-user.c index d1f91d6a29..928afd35e2 100644 --- a/src/login/logind-user.c +++ b/src/login/logind-user.c @@ -335,8 +335,20 @@ static int user_mkdir_runtime_path(User *u) { r = mount("tmpfs", p, "tmpfs", MS_NODEV|MS_NOSUID, t); if (r < 0) { - r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", p); - goto fail; + if (errno != EPERM) { + r = log_error_errno(errno, "Failed to mount per-user tmpfs directory %s: %m", p); + goto fail; + } + + /* Lacking permissions, maybe + * CAP_SYS_ADMIN-less container? In this case, + * just use a normal directory. */ + + r = chmod_and_chown(p, 0700, u->uid, u->gid); + if (r < 0) { + log_error_errno(r, "Failed to change runtime directory ownership and mode: %m"); + goto fail; + } } } @@ -514,7 +526,11 @@ static int user_remove_runtime_path(User *u) { if (r < 0) log_error_errno(r, "Failed to remove runtime directory %s: %m", u->runtime_path); - if (umount2(u->runtime_path, MNT_DETACH) < 0) + /* Ignore cases where the directory isn't mounted, as that's + * quite possible, if we lacked the permissions to mount + * something */ + r = umount2(u->runtime_path, MNT_DETACH); + if (r < 0 && errno != EINVAL && errno != ENOENT) log_error_errno(errno, "Failed to unmount user runtime directory %s: %m", u->runtime_path); r = rm_rf(u->runtime_path, false, true, false); |